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(57) The present invention provides a f ingerprint au- 
thentk:ation unit and an authenticatbn systenn which 
can use one apparatus having a fingerprint collation 
function to thereby manage and operate a plurality of 
types of apparatuses or applications. By the fingerprint 
authentication unit, fingerprint data of a plurality of fin- 
gers of the same person is registered and stored in an 
IC card section(30), so that a collation control section 
(12) compares and collates fingerprint data detected by 
a fingerprint sensor(14) with the registered fingerprint 
data at a requested collation level corresponding to a 
security level of the application and, when the user Is 
authenticaled, a common control sectlon(11) obtains 
from a FACCT(13) a key necessary to access a file 
which stores therein data to be output con^esponding to 
the contents of the application, which key is in turn de- 
crypted with an encryption key of a MF at an IC Card 
CPU(21 ) and used to authorize access to the file in order 
to the data in this file to the application. 
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Description 

BACKGROUND OF THE INVENTION 

Field of the Invention s 

[0001] The present Invention relates to a standalone 
fingeiprint authentication unit and, more particularly to, 
a fingerprint authentication unit and an authentication 
system that can accommodate a plurality of apparatus- io 
es and applicatbns. 

Description of the Related Art 

[0002] There is available a fingerprint collation system 15 
for authenticating a user by collating his fingerprint avail- 
able as a computer system or network system or even 
a security system in any other apparatuses. 
[0003] A conventional fingerprint collation system is 
of a scanner type. In which, for example, a personal 20 
computer thereof registers and stores therein original 
fingerprint data, so that a user can enter his fingerprint 
data through a fingerprint authentication unit connected 
to the personal computer, which In turn compares and 
collates thus entered fingerprint data with the original 25 
fingerprint data and, if they agree with each other, au- 
thenticates him. 

[0004] There is available also a data carrier type sys- 
tem, in which a smart card thereof registers original fin- 
gerprint data in its security memory, so that a user can so 
enter his fingerprint data through a fingerprint collation 
device connected to the personal computer, which in 
turn compares and collates these two data items with 
each other to authenticate him. 

[G005] Further, there is available a next generation 3s 
type system, in which a fingerprint collation token reg- 
isters original fingerprint data in its security memory pro- 
vided therein and also collates the data therein. 
[0006] Note here that the conventional technok>gles 
about the fingerprint collation system are disclosed, for 40 
example, in "Terminal and System for Authenfication" 
described in Japanese Patent Publication (KOKOKU) 
No. 2001-43190 (Applicant: NEC, Inventor ADACHI 
Takuya) published on Feb. 16, 2001 . 

Furthemiore,theconventionaltechnologies about ^ 
an electronic system by means of fingerprint collation 
are disclosed, for example, in "Portable Individual Au- 
thenticatbn unit and Electronic System for Authorizing 
Access thereto Using the Same" described in Japanese 
Patent Publication (KOKOKU) No. 2001-92786 (Appli- so 
cant: MIZOBE TatsujI, Inventor SAWAGUCHI Takashi) 
published on Apr. 6, 2001 . 

[0007] Furthermore, there have t>een available no 
electronic devices provided with an ISO-Standard con- 
nection terminal that can use a simple configuratu)n to S5 
transmit a signal using any other connection scheme, 
for exannple. by connecting to a plurality of interfaces 
such as a USB (universal Serial Bus) interface and/or 



Serial I/O (SIO) interface etc. 

[0008] The above-mentioned conventional fingerprint 
collation system, however, only authentk:ates a user by 
operating a specific apparatus, for example, a personal 
computer, or by executing a specific application soft- 
ware and does not provide the apparatus or application 
with specific data or even encrypted data, so that it can- 
not use one fingerprint collation device to manage and 
operate any other types of apparatuses or applications 
according to their situations. 

[0009] Furthemnore, the above-mentioned electronic 
devices provided with the ISO-Standard connection ter- 
minal cannot accommodate a plurality of any other con- 
nection schemes, so that a fingerprint collation device 
provkied with the ISO-Standard connection temninal 
suffers from a problem of poor applicability to the other 
connection schemes. 

SUMMARY OF THE INVENTION 

[0010] In view of the above, it is an object of the 
present invention to provide a fingerprint authentication 
unit and an authentication system which can use one 
apparatus provided with a fingerprint collating function 
to manage and operate a plurality of types of appara- 
tuses or applications. 

[001 1 ] It is another object of the present Invention to 
provide a fingerprint authentication unit and an authen- 
tication system whk:h can set different authentication 
degrees for different apparatuses or applications so that 
access thereto may be authorized corresponding to 
their security levels. 

[001 2] It is a further object of the present invention to 
provide a fingerprint authentk:ation unit provided with an 
ISO-Standard connection terminal which can accom- - 
modate a plurality of other connection schemes. 
[001 3] To soh/e the above-mentioned problems of the 
conventional implementations, a fingerprint authentica- 
tion unit according to the present invention comprises: 

storage means provided witii a plurality of data files 
for storing data con-esponding to applications, a fin- 
gerprint template file for storing fingerprint data, a 
master file for storing an encryption key used to de- 
crypt a key necessary to access each of the files, 
and processing means for receiving the incoming 
encrypted key to then decrypt it using the encryption 
key stored in the master file in order to ttiereby ac- 
cess each of the files and output contents thereof; 
a table for storing the encrypted key necessary to 
access the file that conesponds to a request from 
the application; 

a fingerprint sensor section for detecting a finger- 
print; and 

control means for reading out from the table 
the encrypted key relating to access to the file cor- 
responding to the request from the application to 
output the key to the processing means and also 



2 



3 



EP 1 265 121 A2 



4 



. .obtain the fingerprint data from the processing 
means in order to compare and collate the finger- 
print data with fingerprint data detected by the fin- 
gerprint sensor section and then transfer a collation 
result to the application, In such a configuration that 
the key necessary to access the data file is stored 
as encrypted corresponding to each of the applica- 
tions, so that this key can be used to obtain neces- 
sary data of the file, thus making it possible to au- 
thentk»te the plurality of applk»tions. 

[0014] By this fingerprint authentication unit accord- 
ing to the present invention, each fingerprint collation 
level is preset for each application empk>yed so that the 
control nneans can decide an access to any application 
to be FALSE if the collation does not come up with at 
least the level thereof, thus making it possible to imple- 
ment fingerprint authentcation corresponding to a se- 
curity level of the applk:ation employed. 
[0015] By an authentication system according to the 
present invention comprising the above-mentioned fin- 
gerprint authentbation unit and an apparatus whk:h can 
be connected to the intemet and in whk:h the applk:a- 
tk)ns can be executed, a common key of the master file 
is transmitted to a purchasing sourc^e, which in turn re- 
ceives software and a code encrypted using this com- 
mon key, so that this fingerprint authentication unit de- 
crypts the code using this common key and stores it in 
a specific data file, whk:h code is used in using of the 
software, thus pemiitting only a regular purchaser to 
keep the code for using the software in this fingerprint 
authentication unit to thus prevent fraudulent using. 
[0016] The above-mentioned fingerprint authentba- 
tion unit according to the present invention is provided 
with an ISO-Standard connection terminal and reads a 
state of a specific pin of the connection tenminal, so that 
if the specifk: pin is in the power-ON state, the unit de- 
cides that the connection destination is a USB adapter 
device to enter the USB mode, and if the specifk: pin Is 
in the power-OFF state, the unit decides whether anoth- 
er pin is at a high or low voltage level, and if the voltage 
is at the low voltage level, it decides that the connection 
destination is an SIO adapter device to enter the SIO 
mode, and if the voltage is at the high voltage level, it 
decides that the connection destination is an SIO adapt- 
er to enter the ISO mode, to theretiy recognize the USB, 
SIO, and ISO interfaces automatically, thus setting 
these interfaces in each of the modes easily. 
[0017] The above-mentioned fingerprint authentica- 
tion unit provided with an ISO-Standard connection ter- 
minal according to the present inventk>n comprises: 

an input/output circuit for deciding upon power ap- 
plcation whether the sixth pin of the connection ter- 
minal is in the power-OIM/OFF state to then output 
a decision result, and for deciding whether the 
fourth pin of the connection temiinal is at the high/ 
low voltage level to tiien output a decision result, if 



the sixth pin is in the power-OFF state; . 
a USB interface circuit which operates in the USB 
mode if the sixth pin is in the power-ON state; 
an 510 interface circuit which operates in the SIO 

s mode if the sixth pin is In the power-OFF state and 
the fourth pin is at the LOW voltage level; and 
a CPU circuit section whbh sets the mode based 
on the decision result from the input/output circuit 
and also whteh operates in the ISO mode if the sixth 

10 pin is in the power-OFF state and the fourth pin is 
at the high voltage level, by which ttie USB, SIO, 
and ISO interfaces can be recognized automatk:ally 
to be set in each of the modes easily. 

IS BRIEF DESCRIPTION OF THE DRAWINGS 

[0018] FIGS. 1 are external views for showing a fin- 
gerprint authentication unit related to an embodiment of 
the present invention; 
20 [001 9] FIG. 2 is a block diagram for showing a config- 
uration of the fingerprint authentication unit related to 
the embodiment of the present invention; 
[0020] FIG . 3 is a schematic illustration for showing a 
FACCT; 

25 [0021] FIG. 4 is a typical circuit diagram for showing 
the fingerprint authentication unit provided with an 
ISO-Standard connection tenninal related to the em- 
bodiment of the present invention; 
[0022] FIG. 5 is a circuit diagram for showing a USB 

30 adapter devk:e related to the embodiment of the present 
invention; 

[0023] FIG. 6 is a circuit diagram for showing an SIO 
adapter devk:e related to the embodiment of the present 
invention; 

35 [0024] FIG. 7 Is a circuit diagram for showing a host- - 
side ISO terminal connection section related to the em- 
bodiment of the present invention; 
[0025] FIG. 8 is a schematic table for showing con- 
tents of signals of an IS07816-2 terminal of the finger- 

40 print authentbation unit related to the embodiment of the 
present invention; and 

[0026] FIG. 9 is a flowchart for showing processing in 
the fingerprint authentication unit provided with the 
ISO-Standard connection terminal related to the em- 
^ bodlment of the present invention. 

DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

50 [0027] The following will describe embodiments of the 
present invention with reference to the drawings. 

A fingerprint authentk:ation unit according to an 
emt)odiment of the present invention registers and 
stores original fingerprint data of a plurality of fingers to 

55 thereby compare and collate user-entered fingerprint 
(teta with the registered original fingerprint data at a re- 
quested accuracy level corresponding to a security level 
of an apparatus or an application and, if the user is au- 
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thenticated,. obtains from a file access control table a 
key necessary to access a file storing data to be output 
corresponding to contents of the apparatus or the appli- 
cation and decrypts the key using an encryption key to 
thereby authorize access to the file using thus decrypted 
key so that the data in this file may be output to the ap- 
paratus or the applk^tion, by which the user can be au- 
thentbated corresponding to a collation level of the ap- 
plk^ation etc. independently In the apparatus to thereby 
access the file using the necessary key decrypted with 
the encryption key, thus managing highly confidential 
data at a plurality of accuracy levels to control the oper- 
ation for each of the apparatus and the applk:ation. 
[0028] Furthermore, a fingerprint authentk:ation unit 
provided with an ISO-Standard connection terminal ac- 
cording to the embodiment of the present invention 
reads in a state of a sixth pin of this ISO terminal and, 
if the sixth pin is in the power-ON state, decides that a 
connection destination is a USB adapter devk:e to enter 
a USB mode and, if the sixth pin is in the power-OFF 
state, decides whether a voltage of a fourth pin is at a 
high/bw level and, if the voltage is at the low level, de- 
cides that that the connection destination is an SIO 
adapter device to enter an SIO mode and, if the voltage 
is at the high level, decides that the connection destina- 
tion is an ISO to enter an ISO mode, to thereby auto- 
matically recognize the USB, SIO, and ISO Interfaces, 
thus setting them to any of these modes easily. 
[0029] The following wilt roughly describe the finger- 
print authentk^tion unit (present unit) according to the 
embodiment of the present invention with reference to 
FIG. 1 . FIGS. 1 are external views for showing a finger- 
print authentication unit related to the embodiment of the 
present inventk>n. 

As shown in FIGS. 1 . the present unit has a thin 
box shape, comprising a fingerprint sensor 1 on its right 
side surface as shown, for example, in FIG. 1A and a 
terminal 2 of an external connecting interface section. 
[0030] The present unit, being a standalone Intell^ent 
Authentication unit (lAU), is used to collate fingerprint 
data therein and also, based on a collatton result, obtain 
appropriate data of the data of a plurality of fingers 
stored therein and then transfer the data. 
[0031] The following will descrit>e a configuration of 
the present unit with reference to FIG. 2. FIG. 2 is a block 
diagram for showtngTHE configuration of thefingerprint 
authentcation unit related to the embodiment of the 
present Inventbn. 

As shown in FIG. 2, the present unit a fingerprint 
collation section 10, an IC card section 20, and an inter- 
face section 30. 

Note here that FIG. 2 shows an applk:ation soft- 
ware as a host (HOST) 40 to be connected to the 
present unit. 

[0032] The fingerprint collatk>n section 10 is conrv 
prised of a common control section 11 , a collation con- 
trol section 12, a Rle Access Control Condition Table 
(FACCT) 13, and a fingerprint sensor section 14. 



[0O33] The common control, section 11 receh^es a 
command incoming through tiie interiace section 30 to 
decide whether this command is used for fingerprint col- 
lation or for data access to the IC card section 20 and, 

5 if it Is for fingerprint collation, outputs It to the collation 
control section 12 and, if it is for data access, outputs it 
to a IC card CPU21 of the IC card section 20. 
[0O34] The collation control section 12 consists of a 
one-chip mterocomputer incorporating therein a CPU. a 

10 program ROM, and a work RAM, to operate a program 
for collation control and a program in the common con- 
trol section 11. 

Specifically, the collation control section 12 re- 
ceives a fingerprint collation command from the com- 

is rnon control section 1 1 to obtain an encrypted key Key P 
necessary to open a fingerprint template file 24 of the 
FACCT13 and then output it to the IC card CPU21 . 
[0035] Furtiiemnore, when having received incoming 
fingerprint template data from the IC card sectk>n 20, 

20 the collation control section 12 develops it in the woric 
RAM to compare and collate it with fingerprint data input 
from the fingerprint sensor section 14. Then, the colla- 
tion control section 1 2 outputs a collation/decision result 
to the common control section 11 . 

25 Note here that the collation control section 12 

changes a collation level corresponding to a security 
level so that collation/decision can be perfomned at a 
collation level desired by the application. 
[0036] As shown in FIG. 3, the FACCT1 3 is a table of 

30 keys for reading out a variety of types of files in the IC 
card section 20. FIG. 3 is a schematic illustration for 
showing the FACCT. The keys are stored therein as en- 
crypted using, for example, a common-key encryption 
type crypto-scheme of DES (Data Encryption Standard) 

35 or an open-key encryptk>n type crypto-scheme of RSA 
(Rivest Shamir Adleman). This table is created by the 
side that provides the present unit, so that it cannot be 
changed by the user. 

[0037] The fingerprint sensor section 14 is used to 
40 take in fingerprint data. In ttiis embodiment, the finger- 
print sensor section 14 is implemented by a commer- 
cially available module. 

[0O38] The IC card section 20 can be used to make a 
variety of settings for a conf iguratbn of a file and for con- 

^ trol of access to the file and is basically comprised of, 
for example, the IC card CPU21, the master file (MF) 
22, a collection (DF: Dedicate File) 23 of a plurality of 
data files (EF: Elementary File), the fingerprint template 
file 24, a yoicenace template file 25, and an individual 

50 information section 26. 

[0039] The IC card section 20 is connected to the 
common control section 11 through a serial interface in 
such a configuration that the common control section 1 1 
plays the role of a card reader of the IC card section 20. 

55 The IC card section 20 has the same construction 
as tat of an ordinary IC card in that the IC card CPU21 
manages each of blocks of the memory sub-divided into 
specified structures. To each block, each key (password 
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for access) can be set or different keys can be set for 
reading, writing, deleting, etc. 

[0040] The IC card CPU21 is equipped with a CPU for 
controlling the processing at the IC card section 20. 

Specifically, when having received inconning keys 
for accessing a major item and a minor item from the 
common control section 1 1 , the IC card CPU21 decrypts 
the keys using an encryption key KeyM of the MF22 and 
uses thus decrypted keys to authorize access to a major 
item DF and that to a minor item file. By this double au- 
thorization for the major and minor items, the data in the 
file is output to the common control section 11 . 
[0041] Furthemnore, when having received from the 
common control section 11 a key necessary for obtain- 
ing data in the fingerprint template file 24, the vo»e/face 
template file 25, and the individual infonmation section 
26, the IC card CPU21 decrypts the key using the en- 
cryption key KeyM of the M F22 and uses thus decrypted 
key to obtain the data in these files and output it to the 
common control section 11. 

[0042] The MF22 is provided with the encryption key 
KeyM necessary to decrypt an input key already en- 
crypted. Note here that this encryption key KeyM pro- 
vides a common key used to comnrwnly decrypt any 
keys used to access the DF and files. 
[0043] The DF23 comprises directories each classi- 
fied into DFO through DFN each of whrch has a file con- 
figuration containing fileOI through fileNL Each of the 
files stores data to be transmitted to the host 40. Note 
here that to access each directory (nnajor item DF), keyO 
through keyN are necessary, while to access a file (mi- 
nor item file), key01 through keyNI are necessary. 
[0044] The fingerprint template file 24 registers and 
stores original fingerprint data of one or a plurality of fin- 
gers, which data can be accessed by opening the tem- 
plate file with the KeyF to be output. 

The vok:e/race template file 25 stores data of 
voice and faces registered, whk^h vobe/face data can 
be accessed by opening the template file with the KeyS 
to be output. 

The individual infonmation section 26 stores indi- 
vidual information of an owner of the present unit, for 
example, a password necessary to access a laboratory. 
[0045] The interface sectk>n 30 serves to interface the 
host 40 and the present unit with each other, coming in 
ISO-7816, SIO, Bluetooth, irDA, etc. 
[0046] The host 40 may come in an apparatus in 
whk:h an application whk:h requires individual authenti- 
cation to operate ft, for example, a personal computer, 
a household appliance, a cellular phone, a car, a door 
system, a safe, an AT^, a CD player, a credit terminal, 
etc. 

[0047] The following will describe the operations of 
the present unit. 

TTiecommon control section 11 of the present unit 
receives a collation request transmitted via the interface 
section 30 from the appfication software of the host 40. 
to output to the collation control sec^on 12 a command 



for checking at a collation level demanded by the appli- 
cation. 

[0043] The collation control section 12 accesses the 
FACCT13 according to thus input command to pick up 

5 the common key and encryption key KeyP necessary 
to open the fingerprint template file 24 and output it to 
the IC Card CPU21 of the IC card section 20. 
[0049] When having received the key KeyF of the fin- 
gerprint template file 24, the IC card CPU21 decrypts it 

10 using the common key an d encryption key KeyM stored 
in the MF1 to pick up the key KeyF from the key KeyP 
and then uses it to open the fingerprint template file 24 
to read out the data and output it to the common control 
section 11 . The common control sec^on 11 outputs the 

IS data of the fingerprint template file 24 to the collatton 
control section 12. 

[0050] The collation control section 1 2 transfers thus 
input data of the fingerprint template file 24 to the woric 
RAM. The collation control section 12 decrypts the data 

20 of the fingerprint template file 24, if encrypted. 

Then, the common control section 11 outputs to 
the collation control section 12 a command for picking 
up a fingerprint and, simultaneously, request the host 
40 to give display asking the user to out his finger at the 

25 finger sensor section 1 4. 

[0051] When the finger is put at the finger sensor sec- 
tion 1 4 according to the display given by the host 40 and 
its fingerprint is detected, the collation control section 
12 reads in the data of the detected fingerprint into the 

30 work RAM so that it may be collated with the fingerprint 
data stored in the fingerprint template file 24. 

A collation result is output from the collation con- 
trol section 12 to the common control section 11 and 
then therefrom to the host 40. The host 40 in tum con- 

35 tinues processing by the application if thus input colla- . >^ . 
tion result indicates TRUE and, if it indicates FALSE, 
puts an end to the application processing. 
[0052] Furthermore, when the collation result indi- 
cates TRUE, in some cases the host 40 accesses the 

40 data file of the IC card section 20 to obtain the data 
stored therein depending on the contents of the appli- 
cation. This case is described specif k:ally as follows. 

Note here that the application may come in such 
a fonn of authenticating the fingerprint to continue its 

^ processing if the result indtoates TRUE, obtaining, in- 
stead of fingerprint authenticating, data of a speciTic file 
(data with confidentiality) from the IC card sectbn 20 to 
then output it to the host 40, or authenticating the fin- 
gerprint and also obtaining the confidential data from the 

so IC card section 20 to then output it to the host 40. 
[0053] By the applk^tion, if it is requested to obtain 
cteta with high confidentiality from the IC card section 
20, the fingerprint is collated by the present unit and, if 
the collation result indk:ates TRUE at a collation level 

55 requested by the applcation, access starts to be made 
to a data file requested by the applbation. 

For example, in a case of an application whereby 
(teta in fileOI in the DFO region in the IC card sec^on 20 
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is to be read out and transferred to the host 40, if the 
fingerprint collation comes up with TRUE, the common 
control section 11 references the FACCT13 to picl< up 
KeyO* necessary to access the DFO and output it to the 
IC card CPU21 of the IC card section 20. Note here that 
KeyO* Is encrypted beforehand. 
[0054] The IC card CPU21 decrypts the encrypted 
KeyO' using the encryption key KeyM of the MF1 and 
uses the decrypted key to authorize access to the DFO 
region. Therefore, even if af raudulent user has read out 
the KeyO* of the FACCT13, he cannot access the DFO 
unless he knows the KeyM of the MF1 . 
[0055] Next, the common control section 1 1 referenc- 
es the FACCT13 to output to the IC card CPU21 the 
KeyOI* necessary to access fileOI . This KeyOI* is also 
encrypted beforehand. 

The IC card CPU21 decrypts the KeyOI * encrypt- 
ed with the KeyM of the MF1 and then uses the decrypt- 
ed KeyOI to authorize access to f ileOI . 
[0056] Then, the IC card CPU21 reads out data of 
fileOI and outputs it to the common control section 11 , 
while the common control section 1 1 also transfers this 
data to the host 40. If this data of fiteOI is encrypted 
beforehand, it is decrypted and transfenred to the host 
40. Moreover, rf the data Is highly confidential, effkHently 
it is transfenred as it is to the host 40. 
[0057] Furthemiore, in a case of composite authenti- 
cation whereby the at)ove-mentioned fingerprint colla- 
tion method Is used togetherwrth another authenticating 
method, an extemal authentk»tion key of the template 
file may be read out from the FACCT13 to thereby read 
out the data of this template file from the I C card section 
20 and transfer it to the host 40 for authentication there. 
[0058] If, for exarr^le, the fingerprint collation comes 
up with TRUE, the common control section 11 reads out 
the KeyS' necessary to access the vok:e/face template 
file 25 from the FACCT13 and outputs it to the IC card 
CPU21 . The Keys* is encrypted beforehand and so de- 
crypted using the encryption key KeyM of the MF1 . The 
IC card CPU21 uses the decrypted key KeyS to access 
the voice/face template file 25 and output the relevant 
data to the common control section 11 and then there- 
from to the host 40. Thus, the host 40 collates the voice/ 
face. 

Note here that If the voice/face template file 25 is 
encrypted beforehand, it may be transfenred as encrypt- 
ed and, othenwise, it may be decrypted and then trans- 
ferred. 

[0059] The following will descrit>e processing per- 
formed according to an accuracy of fingerprint collation 
(collation level or security level) corresponding to the 
contents of the appi cation at the host 40. 

The application transmits the fingerprint collation 
level to the present unit and, If the fingerprint processing 
is performed, decides whether the collation has reached 
the transmitted collation level and, if that Is not the case, 
avoids perfonning the subsequent processing to end. If 
the collation accuracy has reached a spedfic level in 



processing of a high confidentiality, conversely, the apr. . 
plication can continue the processing, thus strengthen- 
ing security. 

Note here that the collation level needs that its dig- 
5 itized similarity degree given as a result of simple colla- 
tion/comparison thereof be decided to be at least a cer- 
tain reference value. 

Furthermore, the apptrcatlon makes request for a 
collation level, whbh request can be satisfied by an au- 
10 thentication method stored In the present unit. For ex- 
ample, if someone's fingerprint cannot be obtained, to 
establish collation level 5, the present unit may evaluate 
in an overall manner (that is, works out a numeral by, 
for example, weighting, addition, formulation) a collation 
IS result on a password (level 2) and voice/face data (level 
3). 

[0060] For example, the host 40 may employ the fol- 
lowing two methods to pay charge by connecting 
tiirough a line to a computer In a financial institute. 

20 By one method, a user is autiienticated by the 
present unit, so that on condition that a collati'on result 
should be of at least a preset specif k; accuracy (collation 
level), a user ID and payment infomnation recorded in 
the IC card section 20 beforehand are encrypted and 

25 transmitted together with a unit identifier such as a serial 
number of the present unit to the computer in the finan- 
cial institute, which computer in turn uses a publk: key 
con'esponding to the unit identifier to decrypt the re- 
ceived encrypted data, thus obtaining the user ID and 

30 the payment information. The crypto sch erne employed 
here may be a common-key scheme. 

By the other method, the user is authenticated by 
the present unit, so that on condition that a collation re- 
sult shoukJ be of at least a specific accuracy (collation 

35 level), the data (authentication result) and the user ID 
that Indicate his klentity are encrypted using a secret 
key and transmitted together with the unit identifier to 
the computer in the financial institute, which computer 
in turn uses a public key corresponding to the unit iden- 

40 tif ier to decrypt the authentication result, so that If they 
agree wrtti a unit identifier and a user ID stored in this 
computer, a password about his authentk:ation stored 
in this computer is obtained. The crypto scheme em- 
pk)yed may be a common key scheme. 

45 [0061 ] The f olk>wlng will describe examples of apply- 
ing fingerprint authentication in the present unit. 

Since the fingerprint template 24 in the IC card 
section 20 registers therein data of the fingers of a plu- 
rality of users, some applk:ation examples may such 

50 that If the fingerprint of any of these users is collated, 
fingerprint authentteation Is completed. 

Alternatively, some appi cation examples may 
such that fingerprint authentication is not completed un- 
til a spedfic finger predetemnined by the user is collated. 

55 Further aftematively, some applcation examples 

may be such that fingerprint authentication is not com- 
pleted unless finger collation is perfonmed a plurality of 
number of times in a specific order of the fingers whk:h 
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is predetermined by the user.. ^. ..^ . 
[0062] Further alternatively, in the finger hook mode 
In which an application starts a specific operation upon 
collation of the finger, specific processing can be as- 
signed and perfomied on the basis of which finger is 
subject to fingerprint collation and further in which order 
of the fingers the fingerprints thereof are collated. 
[0063] For example, in a case where the host 40 is a 
cellular phone, if the present unit is inserted into a spe- 
cific slot in the cellular phone with the application set in 
the finger hook mode, when a spedfk: one of the fingers 
is put on the fingerprint sensor sectfon 14, a fingerprint 
of the specific finger is collated in the present unit, which 
decides which one of the fingers was used in this finger- 
print collation and transfers to the cellular phone the in- 
fomiatton of an operating instruction which corresponds 
to the authentbated finger. Specifically, if an instruction 
(command) of DT110 (which iristructs making a phone 
call to telephone No. 110) is stored in the template of 
the present unit and output to the application in the cel- 
lular phone, the cellular phone executes this command 
to call telephone No. 11 0 automatically. It is thus possi- 
ble to provide the same operations over different models 
of the cellular phone. 

[0064] The cellular phone may correlate finger infor- 
mation and the con^esponding operation processing 
programs (which are stored in the cellular phone) be- 
forehand, to execute any one of the programs to which 
an application corresponds based on the finger informa- 
tion input from the present unit. As such, the present unit 
can operate differently con^esponding to the different fin- 
gers using the application. 

[0065] Furthemriore, a specific program may be exe- 
cuted when the fingerprints are collated at the fingerprint 
sensor section 1 4 of the present unit in a specify order. 

For example, in a case where the host 40 is a cel- 
lular phone, if the index finger was put twice and the 
middle finger was put once at the fingerprint sensor sec- 
tion 14forfingerprint collation, the infomiation aboutthe 
order In which the fingers are subjected to fingerprint 
collation is transferred from the present unit to the cel- 
lular phone. 

The cellular phone in turn has operation programs 
as correlated to this informatbn of the finger order, so 
that it responds to Infomnation of afinger order input from 
the present unit to execute, for example, a program for 
calling an emergency contact telephone number. 
[0066] The following will describe the operations for 
writing data to the IC card sectk>n 20 of the present unit. 

To write data to the present unit, it is necessary to 
a template of a fingerprint of at least one o/f the fingers 
of a user is registered beforehand when the present unit 
is used. Rrst the user is authentnated by his finger thus 
registered beforehand and, when his identily is con- 
firmed. additk)nally registers or changes the fingerprint 
templates of his other fingers in the present unit. 
[0067] The folk>wing will describe a case of updating 
a file in the present unit with reference to an example 



where software is purchased over the internet. 

A purchaser enters predetermined infomiation 
such as a commodity he wants to purchase and a meth- 
od of paying for that into a purchase application page 

5 through the host 40 and requests for a higher security 
level mode to have his fingerprint collated in order to be 
authenticated. When authenticated, he picks up the 
RSA-encrypted common key KeyM stored in the MF1 
of the iC card section 20 and transmits it to a purchasing 

10 source in the internet. 

[0068] The purchasing source subdivkles overall 
processing into processing of payment data and 
processing about the common key and encrypts a code 
number necessary to activate purchasing sofhivare us- 

is ing the common k^ KeyM and then sends the code 
number together with the software to the purchaser. The 
purchaser side receives a program file at the body of his 
terminal to input the encrypted code number into the 
present unit and further transfer it to the IC Card section 

20 20. 

[0069] The IC card section 20 uses a secret key cor- 
responding to the common key to thereby restore the 
original code and store it in a specified file number. 
Which application enters a code number or an account 
25 number and in which file number they can be entered 
need to be registered beforehand for all of the applica- 
tions. 

In this configuration, when the purchasing soft- 
ware Is activated, the relevant file is directiy accessed 

30 without requiring authentksation of the purchaser, to 
read out an acth^ation code to use it. 
[0070] In the case of a time-limited e-certificate, the 
present unit confirms the identity of the purchaser by his 
fingerprint at the time of updating and sends the com- 

35 monkey to the certificate issuing source to ask It to send . 
back data of a new certificate as encrypted. The present 
unit, in tum, decrypts the data using the secret key of 
the IC card section 20 to rewrite a specified file. This 
method can thus update a certificate without collecting 

40 the present unit for that purpose. 

[0071 ] Furttiem[X)re, when executing a utility to delete 
an unnecessary application conceming the data of a file 
in the iC card section 20, the present unit erases the 
data of the corresponding file. 
[0072] The folbwing will describe some systems uti- 
fizing the present unit. 

First, it is assunr^ that the present unit is con- 
nected in configuration to a personal computer or cellu- 
lar phone connectable to the internet. 

50 If the purchaser goes on shopping over the inter- 
net and uses hte credit card in payn^ent, he selects a 
commodity and then, when a payn^ent screen ap- 
l^eared, receives an incoming collation request com- 
nnand for credit payment through the applteation. 

55 [0073] The common control section 11 takes out the 
encrypted key KeyP of the fingerprint template file 24 
from the FACCT1 3 and outputs it to the IC Card section 
20. The IC card CPU21 of the IC card section 20 uses 
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.the key KeyM of the MFLarea to decrypt the key.KeyF 
to take it in. Then, it reads in the fingerprint data from 
the fingerprint sensor section 14 into the work RAM re- 
gion to collate it with the fingerprint template. In this 
case, the setting of the collation level is changed to, for 
example, level 4 of the five collation levels correspond- 
ing to the applk:ation. 

[0074] If the collation comes up with TRUE, the com- 
mon control section 1 1 references the FACCT1 3 to out- 
put to the IC Card section 20, for example, a key (en- 
crypted key Key 1 *) necessary to access the DF1 region 
and a key (encrypted keyll*) necessary to open filell 
to read out the data in the f ilel 1 . The data in the f ilel 1 , 
consisting of user ID and credit card infomnation which 
are encrypted using the secret key of the present unit, 
is transfen-ed to the applteation together with an identi- 
fier of the present unit. The credit payment skje in turn 
decrypts the user 10 etc. using an open key correspond- 
ing to the kJentifier of the present unit. Moreover, the 
present unit encrypts the authentication result and the 
user ID using the secret key and transmrts it together 
with the identifier to the application, so that the credit 
payment side decrypts the encrypted data using the 
open key to thereby obtain the authentk:ation result and 
the user ID. In this case, also, the crypto scheme may 
be the common key scheme. 

[0075] Furthennore, in the case of home banking 
services, if fingerprint collation comes up with TRUE up- 
on activation of the application, access is authorized to 
fileOI of the DFO regk>n. fileOI stores encrypted access 
IDs for the banking services for the purchaser, so that 
the ID can be transferred by the common control section 
11 to the applk:ation, which in tum transmrts it as en- 
crypted to a server of the servbe provider for subse- 
quent provision of the servk)es. 
[0076] Furthenrnore, an affinity divination application 
(affinity divination game) reads in fingerprint data of Ms. 
A into a region in the woric RAM of the collation control 
section 12 and, then, that of Mr. B Into another region of 
the wortc RAM of the collation control section 1 2 to per- 
fomn collation. In some cases of utiRzation, affinity may 
be divined by replying a result of this collation to the ap- 
plbation upon collation. 

[0077] Furthermore, in a case where a cellular phone 
is used to receive a music distribution servk:eto repro- 
duce a downtoaded mebdy, if lk»nse informatk)n of this 
melody is stored in a file of the IC card section 20 be- 
forehand, reproduc^on of the melody may be started by 
replying to the host 40. This is possible t>ecause when 
charge for musk: distribution is paid, the lk»nse infor- 
mation is transmitted from the application to the present 
unit and stored in the IC card sec^on 20, so that each 
time the downloaded melody is reproduced subse- 
quently, the IC card sectk>n 20 can be accessed to out- 
put the lk:ense information to the applk:ation to thereby 
reproduce the metody. 

[QQTS] Furtherrrtore, a private safe in a bank b provid- 
ed with the present unit in which a borrower's fingerprint 



. is registered in place of a key or an IC card. Such a sys- 
tem may be possible that when the user is identified on 
the basis of the result of fingerprint collation, the safe 
door is opened, to pemnrt only the user to access it with- 

s out a risk of losing the key or the card. 

[0079] Furthermore, in the case of control on an ac- 
cess door of a project development room in the labora- 
tory, its password is entered on a numerb keypad, so 
that if fingerprint collation comes up with TRUE, the 

10 password stored in the file of the individual Infonmation 
section 26 of the IC Card section 20 is read out and com- 
pared to the entered password to thereby decide wheth- 
er the door should be opened. Note here that instead of 
entering the password, only the fingerprint collation re- 

is suit may be used to decide whether the access door 
should be opened. Such a double-check system may be 
considered that instead of entering the password on the 
numeric keypad a voice/face template may be sent to 
the host 40 for face image collation. 

20 [0080] Furttiermore, although presentiy an ATM ter- 
minal needs to insert a magnetic card therein to then 
enter a password for cash dispensing, the present unit 
of a user may be connected to the apparatus for finger- 
print collation so that if the collation results indicates 

^ TRUE, file12 of the DF1 may be taken out and sent to 
the ATM temninal. By storing the information of the mag- 
netic card as encrypted in f ilel 2 beforehand, security 
can be improved over that by the presently used card, 
thus improving easiness-to-use also. 

30 [0081] Furthermore, although presently charge is 
paid with a magnetb card at a POS cash register by 
read-in of the card data and signature of a user, he may 
connect the present unit to the POS cash register to be 
kientified and then transfer his payment bank account 

35 or the credit data, thus Improving convenience greatiy. 
[0082] Furthemfiore, in control of a car, for example, 
a special vehk^le, fileNI may store beforehand a file of 
such functions of those of the vehcle as to be authorized 
in operation. In this configuration, when a driver is kien- 

^ tified upon start of the vehkde, contents of fileNI are 
transferred to the control section of the vehtole to there- 
by pennit him to use only those f unc^ons authorized for 
him. 

Furthermore, the opening/ck)sing of the door and 
^ the operation of the ignition key of a car may be control- 
led using the present unit for prevention of burglary. 
Specifically, the present unit can be attached to a cellu- 
lar phone to transmit unique data about a car number 
that can be encrypted in infrared or Bluetooth commu- 
so nbation, to authorize the door opening/closing and the 
ignition operation. Note here that those operations are 
stored in a history. 

[0083] Of a variety of methods for accessing a file in 
the IC card section 20, for example, a hierarchy-type ac- 
S5 cess method by the present unit involves independent 
fingerprint collation in the unit and subsequent decryp- 
tion by use of the encryption key KeyM of two access 
keys for a major item DF and a minor item file each so 
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that the decrypted two keys may be used to output con-. . . 
f idential data to the host 40, thus giving an effect of hold- 
ing and managing the confidential data of a plurality of 
fingers. 

Furthermore, there is available another file access 5 
method called a chain type (list type) one for making ac- 
cess consecutively in a chain manner, by which the data 
can betaken out in a double or triple manner, thus giving 
an effect for safety holding and managing the confiden- 
tial data of a pluralily of fingers. io 
[0084] Furthemnore, by the present unit, the finger- 
print can be authenticated at a collation level which cor- 
responds to a security level demanded by an applk^a- 
tion, thus giving an effect of implementing fingerprint au- 
thentk:ation that corresponds to any of a variety of ap- 15 
paratuses and applications. 

[0085] Furthennore, by the present unit, the finger- 
print template file can register and store therein the data 
of fingerprints of a plurality of fingers of the same user, 
so that the fingerprint authentk»tion processing can be 20 
ended if any one of the fingers having their fingerprints 
thus registered is authenticated, thus giving such an ef- 
fect that even if one of the fingers cannot be used in 
authentk»tion because of an injury, the other registered 
fingers can be used to continue the application. 25 
[0086] Furthermore, by the present unit, based on the 
registered data of the fingerprints of a plurality of fingers 
of the same user, it is possible to collate the fingerprint 
of a specific one of the fingers or the fingerprints of the 
fingers in a specific order in order to continue the appli- 30 
cation, thus improving security further. 
[0087] Furthermore, by the present unit, based on the 
registered data of the fingerprints of a plurality of fingers 
of the same user, it is possible to collate the fingerprint 
of a spedfk: one of the fingers or the fingerprints of the 35 
fingers in a specify order in order to continue a specific 
operation, thus simply operating the host 40. 
[0088] Furthermore, some applications may use the 
present unit more than one to demand authentication 
data of a plurality of fingers in a specific order of the 4a 
fingers in operation. For example, there may be such an 
application that an e-will can be opened only when spe- 
cific two attorneys authenticate it or that a big fund can 
be paid only when the presklent and the treasurer au- 
thenticate it. 45 
[0089] The following will describe a configuration of 
an eiec^nb devk^es provided with an ISO-Standard 
connection tenninal in a fingerprint authenticatton unit 
related to the embodiment of the present Invention with 
reference to FIG. 4. FIG. 4 is a typk:al circuit diagram so 
for showing the fingerprint authentk^atfon unit provided 
with an ISO-Standard connection temninal related to the 
embodiment of the present invention. 

As shown in FIG. 4, the fingerprint authentk:ation 
unit provkted with the ISO-Standard connecten tenminal ss 
related to the embodiment of the present invention ba- 
sk^ly comprises an IS0781 6-2 temiinaJ 41 , a connec- 
tion selection circuit 42, an SIO interface circuit 43, an 



input/output circuit 44, a USB interface circuit 45, and a 
CPU circuit section 46. 

Note here that although the fingerprint authentica- 
tion unit of FIG. 4 is provided with also the configuration 
of FIG. 2 for the purpose of autherrtbatton of the user 
himself, its part related to connection is extracted and 
shown. 

[0090] The fingerprint authentication unit may come 
in an IC card with a built-in memory or an IC Card storing 
a program therein for executing specifb processing, 
finding applications In a stendalone user authentteation 
unit etc. The IC card may be replaced with a sfick type 
or an even smaller electrons devbes. 
[0091] The following will describe the sec^bns of the 
fingerprint authentk^ation unit specifk:ally. 

The IS0781 6-2 temninal 41 is designed to accom- 
modate the IS0781 6-2 communication scheme and typ- 
ically connected to an IS07816-2 terminal connection 
section on the host side and has pins 1 -8 in such a con- 
figuration that the first pin is supplied with power supply 
VCC, the second pin receives an incoming reset signal 
(RST), the third pin receives a lock signal (CLK), and 
the fifth pin is connected to the ground (GND). 
[0092] The fourth pin of the IS0761 6-2 terminal 41 is 
connected to the connection selection circuit 42 and the 
USB interface circuit 45 to thereby supply a signal to 
these circuits 42 and 45. 

Furthennore, the sixth pin of the IS0781 6-2 termi- 
nal 41 is connected to the input/output circuit 44 and the 
USB interface circuit 45 to thereby supply a signal (VPP) 
to these circuits 44 and 45. 

[0093] Furthennore, the seventh pin of the IS0781 6-2 
terminal 41 is connected through the connection selec- 
tion circuit 42 to the SIO interface circuit 43 to thereby 
transmit and receive a signal with these drcuits. 

Furthermore, the eighth pin of the IS0781 6-2 ter- 
minal 41 is connected to the USB interface circuit 45, 
which outputs USB differential signals (D+ signal, D- sig- 
nal) ttirough the fourth and eighth pins thereof respec- 
tively. The USB decides a difference between the 
and D- signals as a signal level to enable transmission 
and reception by means of bilateral transfer of the sig- 
nals. 

[0094] The connection selection circuit 42 is connect* 
ed to the IS0781 6-2 tenninal 41 at its fourth and seventh 
pins, to output a signal from the fourth pin to the input/ 
output circuit 44 and the SIO interface circuit 43 and a 
signal from the SIO interface circuit 43 to the IS0781 6-2 
terminal 41 at its seventh pin. 
[00951 The specific operations of the connection se- 
tectton circuit 42 are as follows: upon power appltoation, 
the connection selection circuit 42 outputs the signal at 
the fourth pin of the IS0781 6-2 tenninal 41 to the input/ 
output drcuit 44, whk:h then deckies whether this signal 
is at the high/low level, so that if it is at the low level, the 
connection selection circuit 42 provktes the SIO mode 
to thereby output the signal at the fourth pin of the 
IS07816-2 tenninal 41 to the SIO interface circuit 43 
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1 and the signal from the SIO interface section 43 to the 
IS0781&-2 terminal 41 at its seventh pin. 
[0096] If the input/output circuit 44 decides that the 
signal is at the high level, on the other hand, the con- 
nedion selection circuit 42 provides the iS0781&-2 s 
mode to thereby connect the fourth pin of the IS07816-2 
terminal 41 with the SIO interface circuit 43, in order to 
input the signal at that fourth pin to the SIO interface 
circuit 43 and output the signal of the SIO interface cir- 
cuit 43 to the IS07816-2 temninal 41 at its seventh pin. io 
[0097] The SIO interface circuit 43 operates in the SIO 
mode to receives the incoming signal from the fourth pin 
of the IS0781 6-2 terminal 41 through the connection se- 
lection circuit 42 and output the signal through the con- 
nection selection circuit 42 to the IOS7816-2 temninal 
41 at its seventh pin. 

[0098] Upon power application, the input/output cir- 
cuit 44 checl(S the state of the sixth pin of the IS0781 6-2 
temninal 41 to decide whether it is at 3.3V or OV and then 
output a decision result to the CPU circuit section 46. 20 
Sul^sequently, the input/output circuit 44 checks the 
state of the fourth pin of the IS07816-2 terminal 41 
through the connection selection circuit 42 to decide 
whether it is at the high/low voltage level and then output 
a decision result to the CPU circuit section 46. 25 
[0099] If supplied with a power voltage of 3.3V from 
the sixth pin of the IS07816-2 terminal 41 , the USB in- 
terface circuit 45 operates in the USB mode to so that 
the IS07816-2 terminal 41 inputs and outputs the USB 
differential signals through its fourth and eighth pins. 30 
[01 00] The CPU circuit section 46 receives from the 
input/output circuit 44 a decision signal Indicating 
whether the sixth pin of the IS0781 6-2 terminal 41 is at 
3.3V/0V and, if it is at 3.3V, provides the USB mode to 
transmit and receive a signal through the USB interface 35 
circuit 45, if it is at OV and the fourth pin of the IS0781 6-2 
terminal 41 is at the low level, provides the SIO mode 
to transmit and receive a signal through the SIO inter- 
face circuit 43 and, If It is at OV and the fourth pin of the 
1S0781 6-2 temninal 41 is at the high level, provides the ^ 
1S07816-2 mode to transmit and receive a signal 
through the input/output dncuit 44. 
[0101] Note here that the SIO interface circuit 43, the 
input/output circuit 44, the USB interface circuit, and the 
CPU drcult 46 may be constituted in a one-chip micro- ^ 
computer or their functions may be implemented by soft- 
ware partially or wholly. 

[0102] The following will describe the operations in 
the fingerprint authentication unit with reference to FIG. 
9. FIG. 9 rs a flowchart for showing processing In the so 
fingerprint authenticatton unit provided with an 
ISO-Standard connection terminal related to the em- 
bodiment of the present Invention. 

When power is applied on the fingerprint authen- 
tication unit, the inside of the CPU circuit section 46 and S5 
the other circuits are initialized (SI ), then the input/out- 
put circuit 44 reacte in the state of the sixth pin through 
the 1S07816-2 temunal 41 (S2) and, if power-ON (3.3V) 



is decided, outputs the decision result to the CPU circuit 
section 46, which in turn decides that the connection 
destination is a USB adapter to initialize the USB inter- 
face circuit 45 (set the USB mode at S3), thus executing 
a main program. 

[0103] Note here that in the reception processing in 
the USB mode, the USB differential signals from the 
fourth and eighth pins of the IS07816-2 temiinal 41 are 
input to the USB interface drcuit 45, while in the trans- 
mission processing, the USB differential signals are out- 
put from the USB interface circuit 45 to the IS07816-2 
temninal 41 at its fourth and eighth pins. 
[0104] If the input/output circuit 44 decides that the 
sixth pin of the IS07816-2 temninal 41 is at the pow- 
er-OFF state (OV), on the other hand, it outputs the de- 
cision result to the CPU drcuit 46 and then reads in the 
state of the fourth pin through the connection selection 
circuit 42 (s4) and, if it is at the LOW voltage level, out- 
puts the decision results to the CPU drcuit section 46, 
which in tum decides that the connection destination is 
the SIO adapter to make switching to the SIO interface 
circuit 43 and then initialize it (set the SIO mode at S5), 
thus executing the main program. 
[0105] Note here that In the reception processing in 
the SIO mode the signal is input from the fourth pin of 
the IS07816-2 temiinal 41 to the SIO interface circuit 
43 through the connection seledion circuit 42, while in 
the transmission processing the signal is output from the 
SIO interface circuit 43 through the connection selection 
circuit 42to the IS0781 6-2 terminal 41 at its seventh pin. 
[0106] If, the input/output circuit 44 deddes that the 
fourth pin of the SI07816-2 temiinal 41 is at the high 
voltage level, on the other hand, it outputs the decision 
resulttotheCPU drcuit section46, which in tum decides 
that the connec^on destination is the IS07816-spec 
adapter, to make switching to an interface circuit con- 
forming to the IS07816 communication specif k^tions 
and then initialize it (set the IS07816-2 mode at S6), 
thus executing the main program. 
[0107] Note here that in the reception processing in 
the IS0781 6-2 mode the signal is input from the seventh 
pin of the IS0781 6-2 temninal 41 to the input/output cir- 
cuit 44 through the connection seiedion drcuit 42, while 
in the transmlssk)n processing the signal is output from 
the Input/output drcuit 44 through the connection selec- 
tion drcuit 42 to the IS0781 6-2 temninal 41 at its seventh 
pin. 

[0108] The following will describe a USB adapter de- 
vk:e related to the emt)odiment of the present invention 
with reference to FIG. 5. FIG. 5 is a drcuit diagram for 
showing the USB adapter device related to the embod- 
iment of the present invention. 

As shown in FIG. 5, the USB adapter devce relat- 
ed to the emlxxiiment of the present invention bask:ally 
compr^s an IS07816-2 temninal connection section 
51 , a voltage conversion drcuit 52, a resetting drcuit 53. 
a dock signal drcuit 54, and a USB connector 55. 
[01 09] The fdlowtng will spedTicaily descrbe various 
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sections of the USB adapter device. 

The IS07816-2 terminal connection section 51 
has a temninal shape confonning to the IS07816-2 
Standards, having first through eighth pins in such a 
configuration that the first and sixth pins are supplied s 
with 3.3V from the voltage conversion circuit 52, the sec- 
ond pin is supplied with the reset signal (RST) signal 
from the resetting circuit 53, the third pin is supplied with 
the clock signal (CLK) from the clock signal circuit 54, 
and the fifth pin is connected to the ground (GND) level. io 
[0110] In this configuration, the reserved fourth pin of 
the IS07816-2 terminal connection section 51 is as- 
signed for the D+ signal of the USB and the eighth pin, 
for the D- signal thereof. Since the USB is set for full- 
speed conrvnunication, a pull-up resistor R Is connected is 
to the signal supplying signal line. 
[01111 The seventh pin of the IS07816-2 temiinal 
connection section 51 can be used for general-purpose 
Inputting or outputting by controlling the program in the 
fingerprint authentication unit so that an LED (Light 20 
Emitting Dk)de) can be turned ON/OFF or the fingerprint 
authentication unit can read out the ON/OFF state of the 
switch. 

[0112] The voltage conversion circuit 52 is supplied 
with 5V from the host side to convert it to a voltage of 2s 
3.3V and supply It to the side of the fingerprint authen- 
tication unit The 5V signal line is connected to the first 
pin of the USB connector 55 and the 3.3V signal line, to 
the first and sixth pins of the IS0781 6 temiinal connec- 
tion section 51 . so 
[01 13] The resetting circuit 53 outputs the reset signal 
(RST) to the IS0781 6 terminal connection section 51 at 
its second pin. 

[0114] The ck)ck signal circuit 54 outputs the dock 
signal (CLK) to the 1S0781 6-2 terminal connectton sec- 35 
tion 51 at its third pin. 

[0115] The USB connector 55 has a terminal structure 
confirming in shape to the USB for the purpose of con- 
necting to the host side provided with a USB temiinal in 
such a conf iguratk)n that the first pin is connected to the ^ 
voltage conversion circuit 52, the second pin Is connect- 
ed to the fourth pin of the IS07816-2 terminal connec- 
tion section 51 , and the third pin is connected to the pull- 
up resistor and the eighth pin of the IS0781 6-2 terminal 
connection section 51 . ^ 
[0116] Note here that a signal from the host side is 
output from the second pin of the USB connector 55 to 
the fourth pin of the I SOTS 1 6-2 terminal connection sec- 
tion 51 , while a signal from the fingerprint authentication 
unit Is output from the eighth pin of the iSOTBI 6-2 ter- so 
minal connection section 51 to the third pin of the USB 
connector 25. 

[01 17] If the USB adapter device having this configu- 
ration is mounted between a host-skie USB port and the 
fingerprint authentk^tion unit, the USB signals from the ss 
host skte can be converted to ISOTBI 6-2 conrvnunna- 
tion-spec ones to be input to the fingerprint authentk»- 
tion unit and, conversely, the IS07816-2 signals from 



the fingerprint authentication*unit.can be converted to 
USB communk^ation-spec ones to be output to the host 
side. 

[01 18] The following will describe the StO adapter de- 
vbe related to the embodiment of the present invention 
with reference to FIG. 6. FIG. 6 is a circuit diagram for 
showing THE SIO adapter device related to the embod- 
iment of the present invention. 

As shown in FIG. 6, the SIO adapter device related 
to the embodiment of the present invention basbally 
comprises an IS07816-2 temninal connection section 
61 , a voltage conversion circuit 62, a resetting circuit 63, 
a clock signal circuit 64, a logical product circuit (AND 
circuit) 65, a gate circuit 66, a driver receiver 67, a power 
supply connector 68, and an SIO connector 69. 
[0119] The following will specif bally describe various 
sections of the SIO adapter devbe. 

The IS07816-2 temiinal connection section 61 
has a terminal shape confomiing to the IS07816-2 
Standards in order to connect to the fingerprint authen- 
tication unit, having first through eighth pins in such a 
configuration that the first pin is supplied with 3.3V from 
the voltage conversion circuit 62, the second pin is sup- 
plied with the reset signal (RST) signal from the resetting 
circuit 63, the third pin is supplied with the clock signal 
(CLK) from the clock signal circuit 64, and the fifth and 
sixth pins are connected to the ground (GND) level. 
[0120] In this configuration, the seventh pin of the 
IS0781 6-2 tennlnal connec^on section 61 is connected 
to inputs of the driver recehrer 67 and the gate circuit 66. 
[0121] The voltage conversion circuit 62 is supplied 
with 5V through the power supply connector 68 to con- 
vert it to a voltage of 3.3V and supply it to the first pin of 
the IS0781 6-2 tenninai connection section 61 . 

The resetting circuit 63 outputs the reset signal 
(RST) to the IS0781 6-2 temninal conne<^on section 61 
at Its second pin. 

The clock signal circuit 64 outputs the clock signal 
(CLK) to the ISOTBI 6-2 tenmlnat connectton section 61 
at its third pin. 

[01 22] The logbal product circuit (AND circuit) 65 re- 
ceives a RECEIVE signal from the driver receiver 37 and 
also a gate-OFF output signal provided from the gate 
circuit 66 to output a logteal product of these two signals 
to the IS07816-2 terminal connectk>n section 61 at its 
fourth pin. 

The gate drcuit 66, when having received a low 
level signal in the reset state, outputs the gate-OFF sig- 
nal at the high level. The gate circuit 66 can be easily 
implemented by logbal ctrcuits such as a flip-flop. 
[0123] That is, since the gate circuit 66 outputs the 
gate-OFF output signal at the high level unless the 
TRANSMIT signal (of the low leveQ is output from the 
seventh pin of the IS07816-2 terminal connection sec- 
tion 61 , the AND cticurt 65 outputs the RECEIVE signal 
from the driver receiver 67 as it is to the fourth pin of the 
IS07816-2 terminal connection section 61 . 
[0124] If the TRANSMfT signal (of the high level) is 
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transmitted from the seventh pin of the IS0781 6-2 ter- 
minal connection section 61 , however, the gate circuit 
66 outputs the gate-OFF output signal at the low level, 
sothatthe AND circuit 65 does not output the RECEIVE 
signal, if received from the driver receiver 37, to the 5 
IS07816-2 temninai connection section 61 at its fourth 
pin. 

[0125] The driver receiver 67 outputs the RECEIVE 
signal from a reception pin (temporarily called the sec- 
ond pin [RxD]) of the SIO connector 69 to the input of io 
the AND circuit 65 and outputs the TRANSMIT signal 
from the seventh pin of the IOS781 6-2 terminal connec- 
tion section 61 to a transmission pin (temporarily called 
the third pin |TxD]) of the SIO connector 69. 
[0126] The powersupply connector 68 supplies a volt- is 
age of 5V to the voltage conversion circuit 62 and the 
SIO connector 69 at its fifth pin. 

The SIO connector 69 has a structure conforming 
to the shape of the SIO temninal in order to connect to 
the host side provided with the SIO connector, having 20 
the first through ninth pins in such a configuration that, 
for example, the second pin serves as the reception pin, 
the third pin serves as the transmission pin, and the fifth 
pin serves as the power supply pin. 
[0127] The following will describe the operations of 25 
' the SIO adapter device. 

If the fingerprint authentication unit is connected 
to the SIO adapter device and power is applied thereon, 
the gate circuit 66 is reset directiy upon power applica- 
tion to provide an low level output, so that the IS0781 6-2 so 
temninal connection section 61 provides an low level 
output at its fourth pin. 

When the fingerprint authentication unit starte in- 
itialization to read in the states of the sixth and fourth 
pins of the IS0781 6-2 temninal 41 , it determines OV and 3S 
the LOW voltage level respectively to thereby decide 
that the connection destination is the ISO adapter de- 
vice. 

[0128] If the fingerprint authentication unit continues 
initialization as it is and provided with an IC card before- ^ 
hand, when tC card gives ATR response, data is trans- 
mitted to the host side to generate an input to the gate 
circuit 36, so that the gate-OFF output signal changes 
high in level, thus permitting the reception data to be 
transferred from the host to the fingerprint authentica- 45 
tion unit 

[01 29] Although the ATR signal has been transmitted 
from the IC card ak>ove to make a shift from the mode 
selection state directly upon res^ngto a data commu- 
nication-enabled state, a product not transmitting the so 
ATR signal, if any, can also avoid encountering abnor- 
mal reception in that the host side receives off-spec da- 
ta, by gating both the TRANSMIT and RECEIVE signals 
so that the gate RELEASE signal may not be transferred 
to the host side. ss 
[0130] The following will descrd)e a configuration of 
the ISO terminal connection section on the host side 
with reference to FIG. 7. RG. 7 is a circuit diagram for 



showing the host-side ISO temninal connection-section 
related to the emt)odiment of the present invention. 

As shown In FIG. 7, the host-side ISO terminal 
connection section related to the embodiment of the 
present invention basically comprises an IS07816-2 
terminal connection section 71 , a voltage conversion dr- 
cuit 72, a resetting circuit 73, and a clock signal circuit 
74. 

[0131] The following will describe the sections of the 
ISO temninal connection section specifically. 

The IS07816-2 terminal connection section 71 
serves as a host-side connection section conforming to 
the IS07816-2 Standards, having first through eighth 
pins in such a configuration that the first pin is supplied 
with 3.3Vfrom the voltage conversion circuit 72, the sec- 
ond pin is supplied with the reset signal (RST) signal 
from the resetting circuit 73, the third pin is supplied with 
the ck>ck signal (CLK) from the dock signal circuit 74, 
the fourth pin is supplied with a power supply voltage 
VCC, the fifth and sixth pins are connected to the ground 
(GND) level and the seventh pin is connected to a host- 
side input/output (i/O). 

[0132] The voltage conversion circuit 72 is supplied 
with 5V from the host side to convert it to a voltage of 
3.3V and supply it to the first pin of the IS07816-2 ter- 
minal connection section 71 . 

The resetting circuit 73 outputs the reset signal 
(RST) to the IS0781 6-2 temninal connection sedion 61 
at its second pin. 

The clock signal drcuit 74 outputs the dock signal 
(CLK) to the IS07816-2 temninal connedion sedion 71 
at its third pin. 

[0133] The following will descnbe the operations of 
the ISO terminal connection sedion. 

When the IS0781 6-2 temninal 41 of the fingerprint . 
authentication unit is connected to the IS07816-2 ter- 
minal connedion section 71 of the ISO terminal connec- 
tion sedion, the fingerprint authentication unit checks 
the state of the sixth pin of the IS07816-2 terminal 41 
to detemnine its voltage to be OV because this sixth pin 
is conneded to the GND terminal in the IS0781 6-2 ter- 
minal connedion sedion 71 and then checks the fourth 
pin 0fthelSO7816-2temninal41 to determine its voltage 
to be the high level because this fourth pin is conneded 
to the power supply VCC in the IS0781 6-2 terminal con- 
nection section 71 , to thereby dedde that the connedion 
destination is the IS07816-2, thus operating in the 
IS0781 6^2 mode. 

Then , the connection selection drcuit 42 in thef in- 
gerprint authentication unit interconnects the seventh 
pin of ttie IS07816-2 temninal 41 and the input/output 
drcuit 44 for transmission and reception of a signal. 
[0134] As can be seen from the above, in the case 
where the ISO terminal connedk>n sedion is used to 
directly conned the fingerprint authentication unft to the 
tnskie of the host, such a drcuit is added as to conned 
the fourth pin of the IS0781 6-2 terminal connection sec- 
tion 71 of the ISO terminal connedion section to which 
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an-lC Card is connected to a pulhup resistor and the . 
sixth pin thereof, to the GND temninal. 
[0135] RG. 8 lists the pin numbers of the IS0781 6-2 
terminal 41 of the fingerprint authentication unit, the sig- 
nal names, and the signal contents in the IS07816-2 5 
mode, the USB mode, and the SIO mode. FIG. 8 is a 
schematic table for showing the contents of signals of 
the IS0781 6-2 temninal of the fingerprint authentication 
unit related to the embodiment of the present invention. 

In FIG. 8, the fourth pin of the {S0781 6-2 terminal io 
41 provides a mode selection input in the iS07816-2 
mode, a +Data (D+) [data input] in the USB mode, and 
a mode selection input/data input in the SIO mode. 
[0136] Furthemnore, the sixth pin of the IS07816-2 
tenninal 41 provides the GND temninal In the IS0781 6-2 is 
mode, a USB power supply input in the USB mode, and 
the GND temninal in the SIO mode. 

Furthermore, the seventh pin of the IS07816-2 
terminal 41 provides, a data Input/output In the 
iS0781 6-2 mode, an IO Input/output in the USB mode, 20 
and a data output in the SIO mode. 

Furthermore, the eighth pin of the IS07816-2 ter- 
minal 41 provides a -Data (D-) [data input] in the USB 
mode. 

[01 37] By the fingerprint authentication unit, it is pos- ^ 
sibte to select an appropriate connection destination 
from a group of the ISO terminal connection section, the 
USB adapter device, and the SIO adapter device based 
on the state of the pins of the IS0781 6-2 terminal 41 , to 
set the IS07816-2 mode, the USB mode, or the SIO so 
mode automatically in order to utilize the fingerprint au- 
thentication unit in various interfaces, thus giving an ef- 
fect of expanded utilization fields. 
[01 38] Although the above has described a technolo- 
gy of the present invention for automatically recognizing ^ 
the USB Interface, the SIO interface, and the ISO inter- 
face to easily set the corresponding modes with refer- 
ence to an application to the fingerprint authentication 
unit, the technology of the present invention is applica- 
ble also to a general eiectronic devices. The electronic 40 
device here may include an 10 card with a built-in mem- 
ory, an IC card storing a program for executing specific 
processing, etc. The 10 card may be replaced by a stick 
type or small sized electronic devices. 
[0139] By the USB adapter device, when the 45 
IS07816-2 temninal 41 of the fingerprint authentication 
unit is conne<ted to the IS0781 6-2 temninal connection 
section 51 , in the USB mode a signal can be transmitted 
to and received from the USB connector 56 connected 
to the host side, thus giving an effect of utilizing the host- so 
side USB port even rf an ISO-Standard tenminal s pro- 
vided. 

[0140] By the SIO adapter device, when the 
IS0781 6-2 terminal 41 of the fingerprint authentication 
unit is connected to the IS0781 6-2 temninal connection ss 
section 61 , in the SIO nnode a signal can be transmitted 
to and received from the SIO connector 69 connected 
to the host side, thus giving an effect of utilizing the host- 



side SIO port even if an ISObStandard terminal is pro- < 
vided. 

[0141] In a fingerprint authentication unit according to 
the present invention, the control means reads out an 
encrypted key related to access to a file whk:h conre- 
sponds to a request from an application to then output 
the encrypted key to the processing means and also ok>- 
tain fingerprint data from the processing means and 
then compares and collates the data with fingerprint da- 
ta detected by the fingerprint sensor to thereby transfer 
a collation result to the application, so that each key 
stored as encrypted whk:h is necessary to access a data 
file for each corresponding application can be used to 
obtain data of a necessary file, thus giving an effect of 
authenticating a plurality of applk^ations. 
[0142] In the above-mentioned fingerprint authentica- 
tion unit according to the present invention, each finger- 
print collation level is set for each applk^tion so that the 
control nneans can decide fingerprint data to be FALSE 
if collation thereof does not come up with at least such 
level, thus giving an effect of fingerprint authentfcation 
corresponding to a security level of the application. 
[0143] In an authentication system according to the 
present invention comprising the above-mentioned fin- 
gerprint authentk:ation unit and an apparatus In whbh 
an application connectable to the intemet operates, a 
common key of the master file is transmitted to a pur- 
chasing source, which in tum receives a code encrypted 
with the common key and the relevant software, whk^ 
common key Is used by this fingerprint authentication 
unit to decrypt the code and store It in a specific data 
file so that this code can be used to use the software, to 
thereby permit only a regular purchaser to keep in this 
fingerprint authentication unit the code necessary to use 
the sofh¥are, thus giving an effect of preventing fraudu- 
lent using. 

[0144] The at)ove-mentioned fingerprint authentica- 
tion unit according to the present invention is provkted 
with an ISO-Standard connection temninal, by which a 
state of a specific pin of the connection temninal can be 
read in, and if the specific pin is in the power-ON state, 
the connection destination is decided to be a USB 
adapter devk:e to make shift to the USB mode and, if 
the specific pin is in the power-OFF state, another pin 
is checked for whether rt is at the high/low voltage level, 
so that if it is at the bw level, the connection destinatbn 
is deckied to be an SIO adapter to make shift to the SIO 
mode and, if it is at the high level, the connection desti- 
nation is deckied to be an ISO to make shift to the ISO 
mode, so that a USB internee, an SIO interface, and an 
ISO interface can be recognized automatically, thus giv- 
ing an effect of setting the conresponding modes easily. 
[0145] The above-mentioned firigerpnnt authentica- 
tion unft provided with an ISO-Standard connection ter- 
minal according to tfie present invention comprises: 

an input/output circuit for deciding upon power ap- 
plk:ation whether the sixth pin of the connection ter- 
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minal is in the powerrON/OFF state to then output 
a decision result and, if the sixth pin Is in the pow- 
er-OFF state, deciding whether the fourth pin of the 
connection terminal is at the high/low voltage level 
to then output a decision result; s 
a USB interface circuit which operates in the USB 
mode if the sixth pin is in the power-ON state; 
an SIO Interface circuit which operates in the SIO 
mode if the sixth pin is in the power OFF state and 
the fourth pin is at the LOW voltage level; and io 
a CPU drcurt section which sets the mode based 
on the decision result from the input/output circuit 
and also which operates in the ISO mode if the sixth 
pin is in the power-OFF state and the fourth pin is 
at the hight voltage level, by which the USB, SIO, is 
and ISO interfaces can be recognized automatically 
to be set In each of the modes easily. 



Claims 20 

1 . A fingerprint authentication unit comprising: 

storage means provided with a plurality of data 
files for storing data corresponding to applica- 2s 
tions, a fingerprint template file for storing fin- 
gerprint data, a master file for storing an en- 
cryption key used to decrypt a key necessary 
to access each of the files, and processing 
means for receiving the incoming encrypted 30 
key to then decrypt it using the encryption key 
stored in the master file in order to thereby ac- 
cess each of the files and output contents there- 
of; 

a table for storing the encrypted key necessary 3s 
to access the file that corresponds to a request 
from the appik:atton; 

a fingerprint sensor section for detecting a fin- 
gerprint; and 

control means for reading out from the table the ^ 
encrypted key relating to access to the file cor- 
responding to the request from the application 
to output the key to the processing means and 
also obtain the fingerprint data from the 
processing means in order to compare and col- ^ 
late the fingerprint data with fingerprint data de- 
tected by the fingerprint sensor section and 
then transfer a collation result to the applk»- 
tion, in such a configuratton that the key neces- 
sary to access the data file is stored as encrypt- so 
ed corresponding to each of the applications, 
so that this key can be used to obtain necessary 
data of the file, thus making ft possible to au- 
thenticate the plurality of applk»tk>ns. 

55 

2. The fingerprint authentk»tk>n unit according to 
daim 1 , wherein: 



if the requestfrom said applk:ation indk:ates.fin- 
gerprint collation, said control means reads out 
the encrypted key necessary to access said fin- 
gerprint template file from said table and out- 
puts sakl encrypted key to said processing 
means; and 

said processing means uses the encryption key 
of said master file to thereby decrypt said en- 
crypted key necessary to access said finger- 
print template file and then access to said fin- 
gerprint template file, thus outputting thefinger- 
print data stored in said file to said control 
means. 

3. The fingerprint authentication unit according to 
daim 2, wherein a fingerprint collation level is set 
for sakJ applk^ation, so that said control means can 
dedde the fingerprint data to be FALSE as a result 
of collation If collation does not come up with at least 
said level. 

4. The fingerprint authentk:ation unit according to any 
one of daims 1 -3, wherein storage means is provid- 
ed with a template for storing therein vok^e data or 
Image data of the face, the iris, the retina, a sign, or 
a shape of the palm and an individual information 
section for storing individual infonnation of the user. 

5. The fingerprint authenttoation unit according to any 
one of daims 1-4, wherein said fingerprint template 
file stores therein fingerprint data of a plurality of fin- 
gers of the same person. 

6. The fingerprint authentication unit according to 
daim 5, wherein said control means deddes a col- 
lation result to be of TRUE if fingerprint data detect- 
ed by said fingerprint sensor agrees in collation with 
said fingerprint data, stored in said fingerprint tern- 
plate file, of any one of said plurality of fingers. 

7. The fingerprint authentication unit according to 
daim 5, wherein said control means deddes a col- 
lation result to be of FALSE if fingerprint data de- 
tected by said fingerprint sensor does not agree in 
collation with said fingerprint data, stored in said fin- 
gerprint template file, of a spedfb one of said plu- 
rality of fingers. 

8. The fingerprint authentication unit according to 
daim 5, wherein said control means deddes a col- 
lation result to be of FALSE If fingerprint data de- 
teded by said fingerprint sensor does not agrees in 
collation with saki fi ngerpri nt data, stored in said fin- 
gerprint template file, of at least some of said plu- 
rality of fingers in a spedf k: order of said some fin- 
gers. 

9. An authentk^tion system comprising the fingeq^rint 
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. authentication unit according to any one of daims 
1-8 and an apparatus which can be connected to 
the Internet and in which applications can be exe- 
cuted, wherein: 

5 

said apparatus permits a user to be authenti- 
cated by fingerprint collation at said fingerprint 
authentication unit when said user purchases 
software, transmits a common key of said mas- 
ter file to the purchasing source and, when hav- io 
ing received the software and a code encrypted 
with said common key transmitted from said 
purchasing source, outputs said encrypted 
code to said fingerprint authentk:ation unit; 
said fingerprint authentication unit receives is 
said encrypted code to decrypt said encrypted 
code with said common key of said master file 
to store said encrypted code in a specific data 
file and then outputs said code stored in said 
specific data file to said apparatus when said 20 
software is used. 

10. The authentteation system according to claim 9, 
wherein a melody Is purchased In place of saki soft- 
ware over the internet, so that when saki melody is ^ 
reproduced, sakl code stored in said specific data 

file is used. 

11. The authentication system according to claim 10, 
wherein when charge is paid upon purchasing, said 30 
fingerprint authentication unit authenticates the fin- 
gerprint at a high collation level, while said appara- 
tus reads out the payment data from said data file 
and then transmits said payment data as encrypted 

to the purchasing source. 35 

12. The fingerprint authentication unit according to any 
one of claims 1 to 8 which is provided with an 
ISO-Standard connection terminal and which 

reads a state of a specific pin of the connec- 40 
tk>n tenninal, so that rf the specifrc pin is in the pow- 
er-ON state, the unit decides that the connection 
destination is a USB adapter devrce to enter the 
USB mode, 

and if the specifk: pin is in the power-OFF ^ 
state, the unit decides whether another pin is at a 
high or low voltage level, and if the voltage is at the 
low voltage level, it decides that the connection des- 
tination is an SIO adapter devce to enter the SIO 
mode, 50 

and if the voltage Is at the high voltage level, 
it decides that the connection destination is an SIO 
adapter to enter the ISO mode. 

13. The fingerprint authentk»tk>n unit according to any ss 
one of daims 1 to 8 whu:h is provkted with an 
ISO-Standard connection, comprising: 



an input/output drcuit for deciding upon power-', 
application whether the sixth pin of the connec- 
tion temnlnal is In the power-ON/OFF state to 
then output a decision result, and for deciding 
whether the fourth pin of the connection temni- 
nal is at the high/low voltage level to then output 
a decisk)n result, if the sixth pin is in the pow- 
er-OFF state; 

a USB interface circuit whteh operates in the 
USB mode if the sixth pin is in the power-ON 
state; 

an SIO Interface circuit which operates in the 
SIO mode if the sixth pin Is in the power-OFF 
state and the fourth pin is at the LOW voltage 
level; and 

a CPU drcuit section whbh sets the mode 
based on the decision result from the Input/out- 
put drcuit and also whrch operates in the ISO 
mode if the sixth pin is in the power-OFF state 
and the fourth pin is at the high voltage level. 

14. The fingerprint authentication unit according to 
daim 1 3, wherein when operating in the USB mode, 
said USB interface drcuit assigns the fourth and 
eighth pins of said connection terminal to and 
D- signals of a USB respectively. 

15. The fingerprint authentication unit according to 
daim 13, wherein when operating in the SIO mode, 
said SIO interface drcuit receives incoming data 
from the fourth pin of saki connection and outputs 
the data to the seventh pin thereof. 

16. The fingerprint authentication unit according to 
daim 13, wherein when operating in the ISO mode, 
said input/output circuit inputs and outputs data 
through the seventh pin of sakl connection temninal. 

1 7. The fingerprint authenttoation unit according to any 
one of daims 13-16, comprising a connection se- 
lectton circuit for 

when the sixth pin of said connection terminal 
is in the power-OFF state, interconneding the 
fourth pin and said Input/output drcuit; 
in the SIO mode, outputting the data at said 
fourth pin to said SIO interface circuit and also 
outputting the data from said SIO interface cir- 
cuit to the seventh pin; and 
in the ISO mode, interconnecting sakJ seventh 
pin and said input/output drcuit 

18. The fingerprint authentication unit according to any 
one of daims 13-17, wherein said SIO interface dr- 
cuit, sakl input/output drcuit, sakl USB interface dr- 
cuit, and said CPU drcuit section are constituted in 
a one-chip mcrocomputer. 
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